In an article by Michael Kassner and posted by TechRepublic.com, Mr. Kassner debates a thesis presented by two law professors who propose a paradigm shift in how we approach the problem(s) of cybersecurity.

This compressed summary/version presented by Mr. Kassner represents the thougths and proposals of co-authors Susan Brenner of the University of Dayton School of Law and Leo L. Clarke, formerly of the Thomas M. Cooley School of Law stated in their paper titled “Distributed Security: A New Model of Law Enforcement”.

Given that cybersecurity related issues rank high in the concerns of risk managers worldwide, and recognizing the impact that such risks have on business continuity plans, we believe this article is well worth your time to read.

Read Mr. Kassner’s article  and, hopefully, add to the comment string (also worth reading) to his article.

The U.S. healthcare industry is facing one of its biggest challenges in decades.  The new HIPAA 5010 and ICD-10 regulations have a target date for compliance by Jan 2012 and Oct 2013 respectively.  To comply, processes and IT systems will need to be aligned with the new regulation requirements and of course much training and retraining will have to be given to people responsible for the implementation of these new regulations to ensure not only business continuity but to also maintain the privacy rights of everyone involved so that penalties can be avoided.

Read more about these changes.

ASIS International had formed a Technical Committee to develop a Business Continuity Standard for the United States.  This committee is made up of over 160 people from around the world, who are Business Continuity Management practictioners, standards developers and members of Business Continuity Institutions such as DRII.   A subset of this committee has been selected to come together as a working group to write the new standard based on committee input.  Lisa DuBrock, Radian Compliance’s Managing Partner, is not only a member of the Technical Committee, but has been selected to be a member of the working committee.   The first meeting is set for next week, January 15^th and 16^th in Arlington, Virginia. 

The committee has been soliciting initial comments from practictioners world-wide to be used by the working group when developing the new standard.  These comments are due 1/9/09.  ASIS has also decided that they will utilize BS 25999 as a starting point for this standard.  As a Technical Expert for BSI Management Systems,  the certifying body for BS 25999, Lisa is excited that this standard will be recognized as the jumping off point for this effort. 

Lisa will provide  an update to this blog upon her return next week from Arlington.  Until then…be safe.